This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
modzero
modzero.bsky.social
did:plc:sdqloadzxhgicck3x26uajr3
We broke something:
in a recent pentest on a hardened target, we were able to achieve unauthenticated Remote Code Execution (RCE) via Server-Side Template Injection (SSTI) in a Spring Boot application
We wrote it down for you to try at home:
https://modzero.com/en/blog/spring_boot_ssti/
2025-01-10T09:51:42.347Z